Byll

Privacy Policy

Effective date: March 1, 2026

What we collect

  • Account info — your name and email address when you sign up.
  • Bank transactions - read-only transaction data synced via Plaid when you connect a bank account, plus transaction data you manually upload through CSV bank statement imports. We never access your bank login credentials or initiate transfers.
  • Receipts & OCR results — images you upload and the line items extracted from them.
  • Expense, split, and payment records - the data you enter to track shared costs with others.
  • Dispute data - dispute reasons and proposed amounts submitted by payees through public charge-link pages.

How we use your data

Your data is used solely to provide the Byll expense-splitting service — calculating shared costs, generating payment summaries, and sending charge notifications. We do not sell your data, share it with advertisers, or use it for any purpose unrelated to the service.

Third-party services

Byll uses the following third-party services to operate:

  • Plaid — bank account connection and transaction sync
  • Supabase — database, authentication, and file storage
  • Veryfi — receipt OCR and line item extraction
  • Vercel — web hosting and serverless functions
  • Resend - transactional email (e.g., expense notifications)
  • Inngest - background job orchestration (e.g., receipt OCR processing and dispute notification workflows)

Each provider processes only the data necessary to perform its function. We do not share your data with any other third parties.

Plaid has its own privacy practices. See Plaid's Consumer Privacy Policy.

Cookies and local storage

Byll uses essential cookies and local storage to keep you signed in, maintain session security, and remember app preferences such as theme settings. We do not use these technologies for third-party advertising.

Data shared on public charge links

Charge-link pages (for example, /pay/[token]) are accessible without login to anyone with the link. These pages may show payment amount, note, requester display name, and linked expense details (including relevant line items) when provided by the requester.

Data security

All data is encrypted in transit using TLS and encrypted at rest in Supabase's managed PostgreSQL database. Bank credentials (Plaid access tokens) are additionally encrypted with AES-256-GCM before storage. Contact identifiers are stored as one-way HMAC-SHA256 hashes - we never store raw email or phone numbers in a way that can be linked across users.

Data retention

We retain data for as long as needed to provide the service and support legal, security, and accounting requirements. For example:

  • Account data is retained while your account is active.
  • Plaid access tokens are retained only while a bank connection is active and are revoked/deleted when disconnected.
  • Charge links and related dispute records are retained for record-keeping unless deleted.

When your account is deleted, associated records are deleted through cascading database relationships. For additional retention details, contact us at thebyllapp@gmail.com.

Children's privacy

Byll is not intended for children under 13 (or under 16 where required by local law). We do not knowingly collect personal information from children.

Your rights

You may request deletion of your account and all associated data at any time by emailing thebyllapp@gmail.com. We will delete your data within 30 days of receiving your request.

California residents may have additional privacy rights under California law (including rights to know, delete, and correct certain personal information). You can submit requests at the same contact email below.

You can revoke Plaid-linked bank access by disconnecting a bank account in the app when available, or by contacting us and requesting revocation.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date above and notify users through the app, email, or both where appropriate.

Contact

Questions or concerns? Email us at thebyllapp@gmail.com.